Semantic-Based Multi-Domain Data Access Authorization

Abstract

Different domains employ variety of access control rules to protect the resources lay within their perimeters. When trying to access a resource from outside one’s domain, various issues are arising which prevent cooperating among those domains without endangering the security of the protected resources. The main challenge is how to efficiently handle the rights of users throughout the period of interoperation between various domains. In this paper, we propose a semantic-based multi-domain authorization approach that protects the resources on the multiple domains and, at the same time, provides a steady, flexible and secure authorized access to the protected resources. Two algorithms are described, one for single-domain authorization and the other is for multi-domain authorization. Our approach is based on dynamically merging access control policy rules for various domains in one large ontology, then extracting the access decision. We develop a proof-of-concept implementation and give the complexity analysis for our approach.